Cloud Security Alliance Presents Privacy Level Agreement Initiative

Hong Kong's ASTRI partners with the Cloud Security Alliance (CSA), as the CSA forms a Privacy Level Agreement group in the EU.

The Cloud Security Alliance (CSA), a
nonprofit organization dedicated to promoting the use of best practices for
providing security assurance within cloud computing, and to provide education
on the uses of cloud computing to help secure all other forms of computing, launched
a Privacy Level Agreement (PLA) Working Group in the EU and a partnership with
the Hong Kong Applied Science and Technology Research Institute (ASTRI) to
advance cloud computing security and build capabilities that will accelerate
the development of the cloud ecosystem in Hong Kong.
The PLA Working Group includes
independent privacy and data protection subject matter experts, privacy
officers and representatives from data protection authorities. The group will
work to define compliance baselines for data protection legislation and
establish best practices for defining a standard for communicating the level of
privacy measures such as data protection and data security that it agrees to
maintain while hosting third-party data.

"The goal of this Working Group is to create
a structure for privacy disclosures that will provide both cloud providers and
their customers with an objective and comparable way by which to communicate
their personal data handling practices," Daniele Catteddu, managing director,
EMEA (Europe Middle East and Africa) for CSA, said in prepared remarks. "This
is especially problematic in the EU, which maintains the most stringent
regulations on privacy as compared to the rest of the world. The PLA Working
Group represents an important first step in establishing global standards for
communicating the measures taken for protecting personal data in the cloud."

In addition to the establishment of the PLA,
the Singapore-based organization announced a partnership with ASTRI to
collaborate on applied cloud security research in order to better integrate
industry and academia's efforts into a joint framework that fosters cloud
computing initiatives in Hong Kong and the greater China region. The CSA's
Asia-Pacific (APAC) division and ASTRI's first collaboration will be a research
project under CloudCERT, a CSA initiative to enable the optimization of
Computer Security Incident Response Team's (CSIRT's) functionality within cloud
computing. The initiative will also see the establishment of the APAC CloudCERT
operational base in Hong Kong.
"CSA research activities in Hong Kong will be
a focal point for encouraging 'technopreneurship' across the APAC region and
should serve to support an innovation hub for cloud computing security,"
Aloysius Cheang, managing director at CSA APAC, said in a prepared statement.
"CSA's presence in Hong Kong will also serve as a central gateway for CSA
corporate members looking to establish a presence in Hong Kong and greater
China region."
The CSA recently partnered with communication
technology specialist Fujitsu Laboratories of America to launch the Big Data
Working Group (BDWG), programmed to crystallize best practices for security and
privacy in big data, help industry and government on the adoption of best practices,
establish liaisons with other organizations to coordinate the development of
big data security and privacy standards, and accelerate the adoption of novel
research aimed to address security and privacy issues.

Nathan Eddy is Associate Editor, Midmarket, at eWEEK.com. Before joining eWEEK.com, Nate was a writer with ChannelWeb and he served as an editor at FierceMarkets. He is a graduate of the Medill School of Journalism at Northwestern University.